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specific illustrated embodiment, but only by the scope of the appended claims. 
[0066] 

The invention makes it possible to block illegitimate access from outside to, and 
thereby protect, confidential information kept inside a processor and the contents of 
external memories such as a local memory and a flash memory that are connected to a 
processor. 

1. A semiconductor apparatus comprising a processor core for performing computation, 
an external bus interface unit for connecting to an external bus, a memory interface 
unit for controlling access to a local memory, and an internal bus that interconnects the 
processor core, the external bus interface unit, and the memory interface unit, the 
external bus interface unit comprising: 

an access control unit for receiving an access request conveyed through the external bus, 
a TLB connected to the access control unit for judging whether the access request is to 
be honored or rejected, and a TLB control unit for updating the contents of the TLB as 
requested by the processor core, 

wherein upon receiving the access request conveyed through the external bus, the 
access control unit sends to the TLB a TLB check request signal asking whether the 
requested address falls within one of the access -permitted areas registered in the TLB, 
the TLB checks whether the requested address falls within one of the access-permitted 
areas registered in it and returns to the access control unit a TLB check result signal 
indicating whether the access request is to be honored or rejected, 

and the access control unit permits access to the internal bus if the TLB check result 
signal indicates that the access request is to be honored, or rejects the access request 
otherwise. 
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2. The semiconductor apparatus of claim 1, wherein the TLB control unit can update the 
range of each of the access-permitted areas according to a TLB change request issued by 
the processor core. 

3. The semiconductor apparatus of claim 1, wherein the external bus is a PCI bus. 

4. The semiconductor apparatus of claim 1, wherein the external bus is a universal bus. 

5. The semiconductor apparatus of claim 1, further comprising a cryptographic 
arithmetic unit for processing encryption and decryption that is connected to the 
internal bus, wherein the access control unit limits access to the cryptographic keys and 
registers for determining the cryptographic algorithm contained in the cryptographic 
arithmetic unit. 

6. The semiconductor apparatus of claim 1, wherein if the TLB check result signal 
indicates that the access request is to be honored the access control unit grants 
permission to access the local memory through the internal bus and the memory 
interface unit. 

7. A bus interface unit that is situated in a semiconductor apparatus connected to an 
external bus and is connected to an internal bus of the semiconductor apparatus, 
comprising an access control unit for receiving an access request sent through the 
external bus, a TLB connected to the access control unit for determining whether the 
access request sent through the external bus is to be honored or rejected, and a TLB 
control unit for updating the contents of the TLB based on a request sent from a 
processor core through the internal bus, 

wherein the access control unit, upon receiving the access request sent through the 
external bus, sends to the TLB a TLB check request signal asking whether the 
requested address falls within one of the access-permitted areas registered in the TLB, 
the TLB . checks whether the requested address falls within one of the access-permitted 
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areas registered in it and returns to the access control unit a TLB check result signal 
indicating whether the access request is to be honored or rejected, 

and the access control unit permits access to the internal bus if the TLB check result 
signal indicates that the access request is to be honored, or rejects the access request 
otherwise. 

8. The bus interface unit of claim 7, further comprising a decoder for converting an 
address specified by the access request sent through the external bus into an address to 
be used on the internal bus, 

wherein the access control unit sends an access request to the internal bus using the 
address generated as a result of the conversion by the decoder. 

9. A bus interface unit that is situated in a semiconductor apparatus connected to an 
external bus and is connected to an internal bus of the semiconductor apparatus, 
comprising an access control unit for receiving an access request sent through the 
external bus, a register holding a set of permission bits each indicating whether its 
corresponding address space in the semiconductor apparatus is access-permitted and an 
access judgment unit for determining whether the access specified by the access request 
sent through the external bus falls within one of the access-permitted areas of the 
semiconductor apparatus, 

the access judgment unit having a decoder for converting an address specified by the 
access request sent through the external bus into an address to be used on the internal 
bus, 

wherein the access judgment unit generates an area selection signal from the address 
generated as a result of the conversion by the decoder, compares the area selection 
signal with the corresponding permission bit signal output from the register holding a 
set of permission bits, and outputs a TLB check result signal indicating whether the 
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access request sent through the external bus is to be honored or rejected. 

10. The bus interface unit of claim 9, further comprising a permission bit control unit 
capable of updating the contents of the register holding a set of permission bits as 
requested by an update request signal sent through the internal bus. 

11. A computer system comprising a first semiconductor apparatus connected to a 
storage unit, a second semiconductor apparatus, and an external bus interconnecting 
the first semiconductor apparatus and the second semiconductor apparatus, the first 
semiconductor apparatus comprising* 

a processor core for performing computation, an external bus interface unit for 
connection to the external bus, a memory interface unit for controlling access to the 
storage unit, and an internal bus interconnecting the processor core, the external bus 
interface unit, and the memory interface unit, 

wherein the first semiconductor apparatus, upon receiving an access request sent from 
the second semiconductor apparatus through the external bus to the storage unit, 
judges whether or not to honor the access request using a TLB that is provided in the 
first semiconductor apparatus and that checks whether the address specified by the 
access request falls within one of the access -permitted areas registered in it, and 
if the address specified by the access request falls within one of the access-permitted 
areas registered in the TLB, permits access to the storage unit through the internal bus, 
or otherwise does not permit access to the storage unit, by rejecting the access request. 

12. The computer system of claim 11, wherein the external bus interface unit comprises 
an access control unit for receiving an access request through the external bus and a 
TLB control unit for updating the contents of the TLB as requested by the processor 
core; 

the TLB is situated in the external bus interface unit and is connected to the access 
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control unit; 

the access control unit, upon receiving an access request sent through the external bus, 

sends to the TLB a TLB check request signal asking whether the address specified by 

the access request falls within one of the access-permitted areas registered in it; 

the TLB checks whether the address specified by the access request falls within one of 

the access-permitted areas registered in it and sends to the access control unit a TLB 

check result signal indicating whether the access request is to be honored or rejected; 

and 

the access control unit permits access to the internal bus, if the TLB check result signal 
indicates that the access request is to be honored, or otherwise does not permit access to 
the internal bus, by rejecting the access request. 

13. A semiconductor apparatus comprising a module capable of performing a certain 
function, an external bus interface unit for connection to an external bus, and an 
internal bus interconnecting the module and the external bus interface unit, wherein 
the semiconductor apparatus, upon receiving an access request to the module from an 
apparatus connected to the external bus, checks whether the address specified by the 
access request falls within one of the access-permitted areas registered in a TLB 
situated in the semiconductor apparatus, and 

if the address specified by the access request falls within one of the access-permitted 
areas registered in the TLB, permits access to the module through the internal bus, 
or otherwise does not permit access to the module, by rejecting the access request. 

14. The semiconductor apparatus of claim 13 to which a storage unit is connected, 
further comprising a memory interface unit for controlling an access request directed to 
the storage unit, 

wherein if the address specified by the access request to the module from an apparatus 
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connected to the external bus falls within one of the access-permitted areas, registered 
in the TLB, the semiconductor apparatus permits access to the storage unit through the 
internal bus and the memory interface unit. 
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